Input validation

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

CVE-2015-9272

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

CVE-2015-9272

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

WordPress VideoWhisper Video Presentation Plugin Arbitrary File Download Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.VideoWhisper Video Presentation is a video communication plugin. A security vulnerability in the WordPress VideoWhisper Video Presentation plugin allows remote...

Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-29...

WordPress VideoWhisper Video Presentation Plugin 3.31.17 /vp/vw_upload.php 文件上传漏洞

/vp/vwupload.php?php if $GET"room" $room=$GET"room"; if $POST"room" $room=$POST"room"; $filename=$FILES'vwfile''name'; includeonce"incsan.php"; sanV$room; if !$room exit; sanV$filename; if strstr$filename,".php" $filename = ""; //duplicate php extension not allowed due to vulnerabilities of older...

WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-31...

CVE-2014-4570

Multiple cross-site scripting XSS vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 roomname parameter to clogin.php or 2 room parameter to index.php in vp/...

CVE-2014-4570

CVE-2014-4570 affects the VideoWhisper Video Presentation WordPress plugin (pre-3.31). Vulnerability: cross-site scripting (XSS) allowing remote attackers to inject arbitrary script/HTML via the room_name parameter to c_login.php or the room parameter to index.php in vp/. Impact: XSS with network...

Wordpress VideoWhisper Video Presentation Plugin 3.17 Arbitrary File Upload

Exploit for php platform in category web applications Description : Wordpress Plugins - VideoWhisper Video Presentation Arbitrary File Upload Vulnerability Version : 3.17 Link : http://wordpress.org/extend/plugins/videowhisper-video-presentation/ Plugins :...